Cybersecurity


What flag does nmap use to enable operating system identification?

"-o"

Which Cisco log level is the most critical?

0

Which Cisco log level is used for debugging information and is at the bottom of the scale?

7

Forensic data is most often used for what type of threat assessment data?

IOCs

What organizations did the U.S. government help create to help share knowledge between organizations in specific verticals?

ISACA

Cyn wants to send threat information via a standardized protocol specifically designed to exchange cyberthreat information. What should she choose?

TAXII

Cindy is conducting a cybersecurity risk assessment and is considering the impact that a failure of her city's power grid might have on the organization. What type of threat is she considering?

environmental

Which step occurs first during the attack phase of a penetration test?

gaining access

Which type of organization is the most likely to face a regulatory requirement to conduct vulnerability scans?

government agency

Tom would like to deploy consistent security settings to all of his Windows settings simultaneously. What technology can he use to achieve this goal?

group policy object

Organizations like Anonymous, which target governments and businesses for political reasons, are examples of what type of threat actor?

hacktivists

Robert's organization has a BYOD policy, and he would like to ensure that devices connected to the network under this policy have current antivirus software. What technology can best assist him with this goal?

network access control

What type of firewall provides the greatest degree of contextual information and can include information about users and applications in its decision-making process?

next generation firewalls

Advanced persistent threats are most commonly associated with which type of threat actor?

non-state actors

Which of the following is not a common technique used to defend against command and control (C2) capabilities deployed by attackers?

patch against zero-day attacks

Which one of the following is an example of operational security control?

penetration tests

During what phase of a penetration test should the testers obtain written authorization to conduct the test?

planning

Which of the following is not a common DNS anti-harvesting technique?

registering manually

Susan wants to start performing intelligence gathering. Which of the following options is frequently conducted in the requirements-gathering stage?

review of security breaches or compromises your organization has faced

What command line tool can be used to determine the path that traffic takes to a remote system?

traceroute

Tommy is assessing the security of database servers in his data center and realizes that one of them is missing a critical Oracle security patch. What type of situation has Tommy detected?

vulnerability

Detection, remediation, and testing are the three life-cycle phases of

vulnerability management

QualysGuard, Nessus, and OpenVAS are all examples of

vulnerability scanning tools

Which lookup tool provides information about a domain's registrar and physical location?

whois

What method used to replicate DNS information between DNS servers can also be used to gather large amounts of information about an organization's systems?

zone transfer

What method is used to replicate DNS information for DNS servers but is also a tempting exploit target for attackers?

zone transfers

Rick is preparing a firewall rule that will allow network traffic from external systems to a web server running the HTTPS protocol. What TCP port must he allow to pass through the firewall?

443

Juan is configuring a new device that will join his organization's wireless network. The wireless network uses 802.1x authentication. What type of agent must be running on the device for it to join this network?

802.1x supplicant

Gabby wants to select a threat framework for her organization, and identifying threat actor tactics in a standardized way is an important part of her selection process. Which threat model would be her best choice?

ATT&CK

Jessica is reading reports from vulnerability scans run by a different part of her organization using different products. She is responsible for assigning remediation resources and has difficulty prioritizing issues from different sources. What SCAP component can help Jessica with this task?

CVSS

What type of data can frequently be gathered from images taken on smartphones?

EXIF

Ben is preparing to conduct a cybersecurity risk assessment for his organization. If he chooses to follow the standard process proposed by NIST, which one of the following steps would come first?

Identify threats

What process uses information such as the way that a system's TCP stack responds to queries, what TCP options it supports, and the initial window size it uses?

OS detection

Wayne is configuring a jump box server that system administrators will connect to from their laptops. Which port should definitely not be open on the jump box?

Port 23

When performing 802.1x authentication, what protocol does the authenticator use to communicate with the authentication server?

RADIUS

Kevin would like to implement a specialized firewall that can protect against SQL injection, cross-site scripting, and similar attacks. What technology should he choose?

WAF

What language is STIX based on?

XML

Jason gathers threat intelligence that tells him that an adversary his organization considers a threat likes to use USB key drops to compromise their targets. What is this an example of?

a possible attack vector

What common criticism is leveled at the Cyber Kill Chain?

actions outside the defended network

During passive intelligence gathering, you are able to run netstat on a workstation located at your target's headquarters. What information would you not be able to find using netstat on a Windows system?

active UDP connections

Which one of the following categories of threat requires that cybersecurity analysts consider the capability, intent and targeting of the threat source?

adversarial

Who is authorized to complete one of the scans?

an approved scanning vendor

Bill would like to run an internal vulnerability scan on a system for PCI DSS compliance purposes. Who is authorized to complete one of these scans?

anyone qualified

What tool can administrators use to help identify the systems present on a network prior to conducting vulnerability scans?

asset inventory

Vincent is responding to a security incident that compromised one of his organization's web servers. He does not believe that the attackers modified or stole any information, but they did disrupt access to the organization's website. What cybersecurity objective did this attack violate?

availability

What type of assessment is particularly useful for identifying insider threats?

behavioral

Jason is writing a report about a potential security vulnerability in a software product and wishes to use standardized product names to ensure that other security analysts understand the report. Which SCAP component can Jason turn to for assistance?

common product enumeration

What term describes an analysis of threat information that might include details such as whether it is confirmed by multiple independent sources or has been directly confirmed?

confidence level

What approach to vulnerability scanning incorporates information from agents running on the target servers?

continuous monitoring

What type of analysis is best suited to identify a previously unknown malware package operating on a compromised system?

heuristic analysis

What minimum level of impact must a system have under FISMA before the organization is required to determine what information about the system is discoverable by adversaries?

high

Gary is the system administrator for a federal agency and is responsible for a variety of information systems. Which systems must be covered by vulnerability scanning programs?

high-, moderate-, and low-impact systems

Bethany is the vulnerability management specialist for a large retail organization. She completed her last PCI DSS compliance scan in March. In April, the organization upgraded its point-of-sale system, and Bethany is preparing to conduct new scans. When must she complete the new scan?

immediately

What phase of the Cyber Kill Chain includes creation of persistent backdoor access for attackers?

installation

OpenIOC uses a base set of indicators of compromise originally created and provided by which security company?

Mandiant

Before Ben sends a Word document, he uses the built-in Document Inspector to verify that the file does not contain hidden content. What is this process called?

metadata purging

Brian seeks to determine the appropriate impact categorization for a federal information system as he plans the vulnerability scanning controls for that system. After consulting management, he discovers that the system contains information that, if disclosed improperly, would have a serious adverse impact on the organization. How should this system be categorized?

moderate impact

Which of the following threat actors typically has the greatest access to resources?

nation-state actors

What tool would you use to capture IP traffic information to provide flow and volume information about a network?

netflow

Active TCP connections and the executables that are associated with them, and route table information are all available via

netstat

Tonya is configuring vulnerability scans for a system that is subject to the PCI DSS compliance standard. What is the minimum frequency with which she must conduct scans?

quarterly

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanners?

read only

Barry is participating in a cybersecurity wargame exercise. His role is to attempt to break into adversary systems. What team is he on?

red team

Which one of the following activities is not part of the vulnerability management life cycle?

reporting

What term describes an organization's willingness to tolerate risk in their computing environment?

risk appetite

Paul recently completed a risk assessment and determined that his network was vulnerable to hackers connecting to open ports on servers. He implemented a network firewall to reduce the likelihood of a successful attack. What risk management strategy did Paul choose to pursue?

risk mitigation

Ryan is planning to conduct a vulnerability scan of a business critical system using dangerous plug-ins. What would be the best approach for the critical scan?

run scan in a test environment

Which one of the following techniques might be used to automatically detect and block malicious software that does not match known malware signatures?

sandboxing

Which type of Windows log is most likely to contain information about a file being deleted?

security logs

The Common Vulnerability Scoring System (CVSS) provides a standardized approach for measuring and describing the severity of

security vulnerabilities

During an information gathering exercise, Chris is asked to find out detailed personal information about his target's employees. What is frequently the best place to find this information?

social media

Which one of the following factors is least likely to impact vulnerability scanning schedules?

staff availability

Barry placed all of his organization's credit card processing systems on an isolated network dedicated to card processing. He has implemented appropriate segmentation controls to limit the scope of PCI DSS to those systems through the use of VLANs and firewalls. When Barry goes to conduct vulnerability scans for PCI DSS compliance purposes, what systems must he scan?

systems on the isolated network

Encryption software, network firewalls, and antivirus software are all examples of __________ _________ ________.

technical security controls

Selah believes that an organization she is penetration testing may have exposed information about their systems on their website in the past. What site might help her find an older copy of their website?

the internet archive

STRIDE, PASTA, and LINDDUN are all examples of what?

threat classification tools

What drove the creation of ISACs in the United States?

threat information sharing for infrastructure owners

Which of the following activities follows threat data analysis in the threat intelligence cycle?

threat intelligence dissemination

